ASB Bank introduces two-factor authentication in a bid to cut online fraud by "phishers" who trick bank customers into revealing their account details.
Two-factor authentication requires two independent factors to identify a person. Ideally, one is physical and the other mental, for example, using the Eftpos card in association with a Pin (personal identification number)..ASB plans to send text messages to the mobile phones of customers when they want to make a "significant" transaction, said Clayton Wakefield, the group general manager of technology and operations. A six-digit number will be sent to the cellphone to authenticate the user.
New Zealand bank customers are regularly targeted by such scams. Phishing attacks, as defined by the Anti-Phishing Working Group, use spoofed e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords
How does it work?
Customers can use browsers to look at accounts with just a password. If the customer wants to perform a significant transaction, the ASB web server will transmit a pseudo-random six-digit number to their cellphone using SMS. This six-digit number is only valid for a few minutes but by typing it into their browser, it allows the customer to perform the transactions. It ensures the person with the online password has also got the matching cellphone and - hopefully - that person is the account holder.
Other m-payment services offered by ASB:
ASB has already hooked up with Telecom to offer mTopup facilities for prepaid Telecom mobile phones.
They have also rolled out mPayments, that will allow a customer to do general banking and purchase goods from an mPayments merchant using a mobile phone and a password.
Comments